MS Graph - team create API returns 403 Forbidden error without proper error message

Wolken Software Ltd 0 Reputation points
2023-07-28T19:24:34.6533333+00:00

I have a single-tenant Azure app, and I have all the required permissions for creating an MS team via the app. The API was working fine with the multi-tenant app earlier, but the same code is not working for the single-tenant app registered user. Please let me know if I am missing anything here. I am using the organization tenant URI in my authn and authz calls for the single tenant.

Error Response User's image

API Permissions:

User's image

Decoded user's token

User's image


2 answers

  1. Sayali-MSFT 3,381 Reputation points Microsoft Vendor
    2023-07-31T13:03:29.7566667+00:00

    @Wolken Software Ltd - When issuing a request with application permissions, a user must be specified in the members collection.

    POST https://graph.microsoft.com/v1.0/teams
    Content-Type: application/json
    
    {
       "template@odata.bind":"https://graph.microsoft.com/v1.0/teamsTemplates('standard')",
       "displayName":"My Sample Team",
       "description":"My Sample Team’s Description",
       "members":[
          {
             "@odata.type":"#microsoft.graph.aadUserConversationMember",
             "roles":[
                "owner"
             ],
             "user@odata.bind":"https://graph.microsoft.com/v1.0/users('0040b377-61d8-43db-94f5-81374122dc7e')"
          }
       ]
    }
    


    If you are using the unattended client credentials flow to obtain an access token, then you must specify the user in the member collection.
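
A pre-flight check for the condition described in the answer above, added here as an example and not part of the original answer or of any Microsoft SDK. It decodes the access token's claims for inspection only (no signature check), treats a token with a `roles` claim and no `scp` claim as app-only, and then confirms that the request body names an owner. The function names and the sample tokens are constructed for illustration.

```python
import base64
import json

def jwt_claims(token):
    """Decode the payload segment of a JWT. Inspection only: the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def is_app_only(claims):
    """Client-credentials tokens carry application permissions in 'roles' and have no 'scp'."""
    return bool(claims.get("roles")) and "scp" not in claims

def owner_members(body):
    """Members that are bound to a user and hold the 'owner' role."""
    return [m for m in body.get("members", [])
            if "owner" in m.get("roles", []) and m.get("user@odata.bind")]

def preflight(token, body):
    """Return the problems to fix before sending POST /v1.0/teams with this token."""
    problems = []
    if "template@odata.bind" not in body:
        problems.append("template@odata.bind is missing")
    if is_app_only(jwt_claims(token)) and not owner_members(body):
        problems.append("app-only token: members must contain a user with the owner role")
    return problems

def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (hypothetical helper)."""
    seg = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    return "e30." + seg + ".sig"

# Constructed sample data: placeholder tenant and permission names, not real values.
APP_TOKEN = make_sample_token({"tid": "TENANT-ID-PLACEHOLDER", "roles": ["Example.Role"]})
USER_TOKEN = make_sample_token({"tid": "TENANT-ID-PLACEHOLDER", "scp": "Example.Scope"})
TEMPLATE = "https://graph.microsoft.com/v1.0/teamsTemplates('standard')"
BODY_NO_OWNER = {"template@odata.bind": TEMPLATE, "displayName": "My Sample Team"}
BODY_WITH_OWNER = dict(BODY_NO_OWNER, members=[{
    "@odata.type": "#microsoft.graph.aadUserConversationMember",
    "roles": ["owner"],
    "user@odata.bind": "https://graph.microsoft.com/v1.0/users('USER-ID-PLACEHOLDER')",
}])

if __name__ == "__main__":
    for name, tok, body in [("app-only, no owner", APP_TOKEN, BODY_NO_OWNER),
                            ("app-only, owner set", APP_TOKEN, BODY_WITH_OWNER),
                            ("delegated, no owner", USER_TOKEN, BODY_NO_OWNER)]:
        print(name, "->", preflight(tok, body) or "ok")
```
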


  2. CarlZhao-MSFT 45,421 Reputation points
    2023-08-01T03:13:35.17+00:00

    Hi @Wolken Software Ltd

    Make sure the target user has an O365 license, which is required to create a team.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

